Rapid7 is excited to guest blog today as we have just announced the introduction of automation to the Insight Platform through a combination of native functionality and the addition of InsightConnect, our security orchestration and automation tool. InsightVM and InsightIDR now come with pre-built automation functionality and a selection of native workflows. For additional workflow needs, InsightConnect allows users to build the workflows security teams need to harmonize the tools they use with their processes, cross-functional teams, and existing technology investments.
One of the many reasons why we value working with Mission Critical is our shared vision that security products don’t function in silos, but need to be integrated together. There are several technology partners of Mission Critical whose solutions can be connected to effectively mitigate risk and contain/respond to threats, including Palo Alto PAN-OS, Carbon Black Response, and Okta.
To learn more, continue reading below. You can also reach out to your advisors at Mission Critical to learn more about:
- the automation workflows now included with Rapid7's InsightVM (vulnerability management) and InsightIDR (incident detection & response)
- how you can also use InsightConnect independently to create workflows between the other tools and systems you already have
There’s a common theme underlying our product strategy at Rapid7: Security products don’t function in silos. To effectively mitigate risk and contain and respond to threats, security teams need to harmonize the tools they use with their processes, cross-functional teams, and existing technology investments.
Why security automation?
As security teams continue to evolve, adapt, and innovate at a rapid rate, the struggle to balance increasing workloads with limited resources, complex ecosystems, and rising threats has never been greater. Security orchestration, automation, and response (SOAR) solutions help teams improve their security posture and create efficiency—without sacrificing control of important security and IT processes.
The need for better integration and automation is something we hear from our customers on a daily basis. Our vulnerability management customers want automated processes to streamline the patching process once a vulnerability has been identified; our SIEM/IDR customers want to take action on an alert directly from an investigation using their existing tools, in order to better investigate and respond to threats. Most importantly, when operationalizing these tools, our customers need them to adapt to their environment and business processes—not the other way around.
We also can’t overlook the rising shortage of security professionals: The global cybersecurity workforce will be short roughly 1.8 million people by 2022, according to a recent report by Frost & Sullivan. With SOAR, the potential to save time while accomplishing more is substantial—typically reducing incident investigation time by about 80% (from an average of 30 minutes to five minutes per investigation). When you consider how many alerts you investigate each day, the savings are impossible to ignore.
ROI calculator: See how much time you could save with orchestration and automation.
Security orchestration and automation on the Rapid7 Insight platform
With all of that in mind, I’m proud to officially announce orchestration and automation on Rapid7’s Insight platform. You’ll see this automation take shape in a number of our existing products, as well as in our new SOAR offering, Rapid7 InsightConnect, which is the evolution of the Komand security orchestration and automation framework that Rapid7 acquired in 2017.
InsightConnect is our new security orchestration and automation solution that enables your team to accelerate and streamline time-intensive processes without writing a single line of code. With 200+ plugins to connect your tools and easily customizable connect-and-go workflows, you’ll free up your team to tackle other challenges, while still leveraging human decision points when it’s most critical. With significant time savings and productivity gains across overall security operations, you’ll go from overwhelmed to operating at maximum efficiency in no time.
InsightVM, Rapid7’s vulnerability assessment solution, is getting an upgrade with new built-in automation workflows—available to customers at no additional cost. Use Automation-Assisted Patching to assign and track remediation duties seamlessly across teams, and even integrate with your existing tools like IBM BigFix and Microsoft SCCM. Use Automated Containment to automatically implement temporary (or permanent) compensating controls via your Network Access Control (NAC) systems, firewalls, and endpoint detection and response (EDR) tools such as Palo Alto PAN-OS, Cisco FirePower, and Carbon Black Response.
InsightIDR, Rapid7’s modern SIEM solution, is also getting an upgrade. Take your incident detection and response capabilities to the next level with containment capabilities such as de-provisioning users, resetting passwords, killing malicious processes, quarantining assets, and more. Compromised credentials and lateral movement are consistently the top attack vectors behind breaches. With InsightIDR, you’ll be able to detect stealthy malicious behaviors across the entire MITRE ATT&CK framework. Unlike technology that just focuses on the endpoint, InsightIDR integrates with Active Directory and leading cloud services such as Okta to apply User Behavior Analytics to authentications across your environment. Once you identify a compromised user account or endpoint in InsightIDR, you can take direct action to contain the threat.
InsightConnect and the automation functionality within InsightVM and InsightIDR will begin their global rollout on Oct. 1 and continue through early 2019.
Ready to learn more (or get started)?
Click here to email us and we will get back to you shortly!